Lineup Signup
Hi! We're just rearranging some Desktop boards to make it easier to find what you're looking for. Please bear with us, and we'll be done very soon.
To post a new question or issue, please go here: Desktop (Windows), Desktop (Mac), Desktop (Linux), Web Player.

Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Reply
11 people liked this

Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Edited
Casual Listener
‎2017-04-09 04:11 PM

Why is the latest Spotify client for Linux built against an usupported, vulnerable version of openssl?? Whomever is responsible for maintaining the .deb package could you please switch to building it against a non-discontinued/patched version of openssl?? Like say openssl 1.0.2 or 1.1.x ... That would be awesome.

 

Thank you!

7 Replies
1 person liked this

Re: Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Edited
Regular
‎2017-05-02 03:33 PM

Known problem since half a year.

Very bad on their side.

 

EDIT: or better, I think I got libcurl to compile (and work) just fine even with 1.0.2k.. Though it wouldn't hurt if they could update to 1.1

Re: Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Edited
Casual Listener
‎2017-05-03 04:54 AM

I don't see why they can't build a .rpm for this for CentOS/Fedora users also in additon to the .deb installer....seems like they are just being lazy, I would do it if I had access to the source...tried converting the .deb to an .rpm using alien and checking the file paths with rpmrebuild and they seem fine... trying to install on CentOS 7.x and keep getting very strange dependancy errors when most all of dependancies should be detected as they are already installed....just build an .rpm from the source for non-debian users please...lazy...we pay for this service, I get the Linux client is "not officially supported" but what's the problem with making it available for most/all flavors of linux and using up-to-date code to build the packages...sloppy.

1 person liked this

Re: Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Regular
‎2017-05-03 06:55 PM

http://negativo17.org/spotify-client/

https://github.com/alexlarsson/spotify-app

 

If your distro has no easy way to automate/redistribute others packages, try not to complain here and go OT.

Re: Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Edited
Casual Listener
‎2017-05-04 01:09 AM

AFAIK the clients you shared in those links are not the same client code that is pacakged in the spotify repo for Debian/Ubuntu users...is that not true?  I may be mistaken but if not I will complian in the OT instead if so.  If it is the same client than THANK YOU! 

Re: Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Music Fan
‎2017-10-19 04:29 AM

it looks like those are flatpak repositories - they bundle all the dependencies with the code, instead of using up-to-date versions.  It doesn't really solve the original issue (libsslv1.0.0 is out of date and unsafe, to the extent that distributions no longer carry it) but should provide a functioning installation

Re: Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Music Fan
‎2017-10-19 07:21 AM

It looks like Ubuntu just uses 1.0.0 to refer to all 1.0.x, and Ubuntu is their target distro.  Main thread on this issue with workarounds for various platforms here: https://community.spotify.com/t5/Desktop-Linux-Windows-Web-Player/The-return-of-the-libssl-trouble-o...

1 person liked this

Re: Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Spotify
‎2017-12-15 10:35 AM

Spotify 1.0.69 in the testing repository now (soon stable) can dynamically load different versions of libcrypto.so (from the libssl* packages).

SUGGESTED POSTS